[ previous ] [ next ] [ threads ]
 
 From:  Manuel Kasper <mk at neon1 dot net>
 To:  Joe Doran <joe at jbdww dot com>
 Cc:  'Magne Andreassen' <magne dot andreassen at bluezone dot no>, m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] IPsec over two ADSL links
 Date:  Tue, 9 Sep 2003 21:40:28 +0200 (CEST)
On Tue, 9 Sep 2003, Joe Doran wrote:

> You will also have to consider that the VPN code will need to work with
> hardware accelerators like the one you can by from soekris.

It uses OpenSSL, and it appears that under FreeBSD 4.8, with the crypto
framework, e.g. HiFn cards are automatically used for 3DES encryption.  I
even ran some benchmarks; IIRC if you can afford to use RC4 (I know, weak
keys and stuff), you should even be able to obtain the same or better
performance without a crypto accelerator than with 3DES and the
accelerator. The problem is that OpenVPN runs in userland, and that tun
device stuff really seems to harm throughput. :(

- Manuel